Hacker Used SQL-injection to Get 675K Credit Card

A computer hacker from Georgia has pleaded guilty to fraud and identity theft after authorities found him with more than 675,000 stolen credit card accounts on his home computers. Credit card companies have traced more than $36 million in fraudulent transactions to the accounts that were breached by Rogelio Hackett.

How did he do it? In brief, the hacker used SQL injection attacks against web resources; he was able to exploit different SQL vulnerabilities even though this kind of vulnerability is well known. SQL injection is one of the popular attacks on a web application's backend database. Unlike an XSS vulnerability, where the attacker uses JavaScript to target the client browser, SQL injection targets the SQL statement being executed by the application on the backend database.

Hackers usually identify a SQL injection vulnerability by adding invalid or unexpected characters to a parameter value and watching for errors in the application's response. For example:

http://www.example.com/users.asp?id=mark'

If the request generates an error, it is a good indication of a mishandled quotation mark, and the application may be vulnerable to SQL injection attacks. I think automated tools can check for these vulnerabilities quickly; one example is Havij, a very fast tool that helps penetration testers find and exploit SQL injection vulnerabilities on a web page.

SQL injection attacks take advantage of poorly written web applications that write data directly into the database. In fact, SQL injection does not depend on the application language: programming mistakes allow SQL injection in almost any programming language.
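The mishandled quotation mark described above, shown beside a correctly bound parameter, as an added example that is not code from the original article. It uses Python's sqlite3 module with a constructed in-memory table; the table, column and function names are hypothetical.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id TEXT PRIMARY KEY, email TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("mark", "mark@example.com"), ("anna", "anna@example.com")])
    return db

def lookup_concat(db, user_id):
    # Vulnerable pattern: the parameter value becomes part of the SQL text,
    # so a quotation mark in it changes the syntax of the statement.
    sql = "SELECT email FROM users WHERE id = '" + user_id + "'"
    return db.execute(sql).fetchall()

def lookup_bound(db, user_id):
    # Hardened pattern: the statement text is fixed and the value is bound
    # separately, so the database only ever treats it as data.
    return db.execute("SELECT email FROM users WHERE id = ?",
                      (user_id,)).fetchall()

def handle(lookup, db, user_id):
    # Mimics a request handler and returns (status, body). A database error
    # surfaces as a 500, which is the signal a mishandled quote produces.
    try:
        rows = lookup(db, user_id)
    except sqlite3.Error:
        return 500, "internal error"
    if not rows:
        return 404, "not found"
    return 200, rows[0][0]

if __name__ == "__main__":
    db = make_db()
    for name, fn in (("concatenated", lookup_concat), ("bound", lookup_bound)):
        for value in ("mark", "mark'"):
            print(name, repr(value), handle(fn, db, value))
```

With the bound parameter, the value ending in a quotation mark is simply an id that matches no row, so the handler answers 404 instead of failing inside the database.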

That's why it is very important to conduct black-box penetration testing of applications, as this can reveal OWASP Top 10 application vulnerabilities, including SQL injection, parameter manipulation, cookie poisoning, and XSS.

An attacker who wishes to grab usernames and passwords might try phishing and social engineering attacks against an application's users. On the other hand, hackers can try to pull everyone's credentials directly from the database.


Anonymous

Through SQL Injection, the hacker may ascribe accurately crafted SQL commands with the absorbed of bypassing the login anatomy barrier and seeing what lies abaft it. SQL Injection vulnerabilities accommodate the agency for a hacker to acquaint anon to the database.


tejvir singh

Resources like the one you mentioned here will be very useful to me! I will post a link to this page on my blog. I am sure my visitors will find that very useful.